Обсуждение: Offer to slave dns
Hello,
I would like to add the following slave servers to the dns pool:
ns1.cmdalert.com
ns1.commandprompt.com
They are in geographically different locations.
Joshua D. Drake
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
On Wed, Sep 06, 2006 at 05:48:51PM -0700, Joshua D. Drake wrote:
> Hello,
>
> I would like to add the following slave servers to the dns pool:
>
> ns1.cmdalert.com
> ns1.commandprompt.com
>
> They are in geographically different locations.
Hi all,
While additional slave servers would be nice, they wouldn't help the
problem that happened yesterday. The problem that happened
yesterday looked, at least from the outside, like the failure of a
sigle component that took everything with it.
What is needed to avoid this is a multi-master set up. It's a little
trickier to build, but it isn't that hard. Would it be possible to
do that?
A
--
Andrew Sullivan | ajs@crankycanuck.ca
The whole tendency of modern prose is away from concreteness.
--George Orwell
www team, Based on some discussion online, the rest of us aren't clear on who has DNS authority other than Marc. When he's out of contact (like last week) if we have a DNS issue who can fix it? Dave, Magnus, Robert? If nobody else currently has access that's a big single point of failure. Can we get that set up? -- --Josh Josh Berkus PostgreSQL @ Sun San Francisco
On 7/9/06 20:14, "Josh Berkus" <josh@agliodbs.com> wrote: > www team, > > Based on some discussion online, the rest of us aren't clear on who has DNS > authority other than Marc. When he's out of contact (like last week) if > we have a DNS issue who can fix it? Dave, Magnus, Robert? I'm discussing this problem with Marc ATM. We'll get something sorted out. Regards, Dave.
> www team, > > Based on some discussion online, the rest of us aren't clear > on who has DNS > authority other than Marc. When he's out of contact (like > last week) if > we have a DNS issue who can fix it? Dave, Magnus, Robert? Nobody. > If nobody else currently has access that's a big single point > of failure. > Can we get that set up? Yes, that is something we need to work on. Personally, I think we can do this in a very easy way: move the primary DNS to one of the machines where multiple people from the community has access. But also a machine that not too many has access to, of course ;-) Should be easy enough to do, and shouldn't have any major implications that I can see. I would also make the (bold) suggestion that either admin or tech contact for the domain record is transferrred to someone else, so there are two people who can deal with those. I would suggest Tom, Bruce or Dave. But in case Marc is gone a long time for some reason or other (that bus thingie or whatever), someone might need to tweak the nameservers at that config. //Magnus
On Thursday 07 September 2006 15:35, Magnus Hagander wrote:
> > www team,
> >
> > Based on some discussion online, the rest of us aren't clear
> > on who has DNS
> > authority other than Marc. When he's out of contact (like
> > last week) if
> > we have a DNS issue who can fix it? Dave, Magnus, Robert?
>
> Nobody.
>
> > If nobody else currently has access that's a big single point
> > of failure.
> > Can we get that set up?
>
> Yes, that is something we need to work on. Personally, I think we can do
> this in a very easy way: move the primary DNS to one of the machines
> where multiple people from the community has access. But also a machine
> that not too many has access to, of course ;-) Should be easy enough to
> do, and shouldn't have any major implications that I can see.
>
> I would also make the (bold) suggestion that either admin or tech
> contact for the domain record is transferrred to someone else, so there
> are two people who can deal with those. I would suggest Tom, Bruce or
> Dave. But in case Marc is gone a long time for some reason or other
> (that bus thingie or whatever), someone might need to tweak the
> nameservers at that config.
>
So, just to toss out another option, I'm pretty sure we could get a free
account from the folks at UltraDNS for the postgresql.org project. This
would give us something that is global, replicated, w/ no-downtime, anycast
capable, on a completely independent network/hardware system and accessible
by whichever community members we deem necessary.
--
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL
>> I would also make the (bold) suggestion that either admin or tech
>> contact for the domain record is transferrred to someone else, so there
>> are two people who can deal with those. I would suggest Tom, Bruce or
>> Dave. But in case Marc is gone a long time for some reason or other
>> (that bus thingie or whatever), someone might need to tweak the
>> nameservers at that config.
>>
>
> So, just to toss out another option, I'm pretty sure we could get a free
> account from the folks at UltraDNS for the postgresql.org project. This
> would give us something that is global, replicated, w/ no-downtime, anycast
> capable, on a completely independent network/hardware system and accessible
> by whichever community members we deem necessary.
>
As a commercial reference. CMD uses them for much (not all) of their
secondary DNS. It works well, they have good customer service and I have
never had a problem with them.
Joshua D. Drake
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
> -----Original Message----- > From: pgsql-www-owner@postgresql.org > [mailto:pgsql-www-owner@postgresql.org] On Behalf Of Robert Treat > Sent: 10 September 2006 13:50 > To: pgsql-www@postgresql.org > Cc: Magnus Hagander; josh@agliodbs.com > Subject: Re: [pgsql-www] Who admins DNS? > > So, just to toss out another option, I'm pretty sure we could > get a free > account from the folks at UltraDNS for the postgresql.org > project. This > would give us something that is global, replicated, w/ > no-downtime, anycast > capable, on a completely independent network/hardware system > and accessible > by whichever community members we deem necessary. If you're thinking of them providing secondary services, then there isn't really any need - it was the blind primary that got screwed up in the snafu this week, the secondaries (and in fact the visible primaries) were working just fine. For added redundancy though, I'm configuring up a couple more secondaries later this week. If you're thinking of using them as a primary, then that is highly unlikely to work I suspect. Our main zone file is dynamically generated from the database on borg and a couple of other sources on a daily basis - it's not something that we can just edit in a web interface periodically. There's also the mirrors.postgresql.org subdomain which is handled by a different primary and is dynamically updated every 15 minutes or so. Even if we left that as-is, do UltraDNS provide a method to delegate the subdomain to a different server? Regards, Dave.
> > So, just to toss out another option, I'm pretty sure we could get a > > free account from the folks at UltraDNS for the postgresql.org > > project. This would give us something that is global, > replicated, w/ > > no-downtime, anycast capable, on a completely independent > > network/hardware system and accessible by whichever > community members > > we deem necessary. > > If you're thinking of them providing secondary services, then > there isn't really any need - it was the blind primary that > got screwed up in the snafu this week, the secondaries (and > in fact the visible primaries) were working just fine. For > added redundancy though, I'm configuring up a couple more > secondaries later this week. Agreed - as a secondary, the help is marginal. > If you're thinking of using them as a primary, then that is > highly unlikely to work I suspect. Our main zone file is > dynamically generated from the database on borg and a couple > of other sources on a daily basis > - it's not something that we can just edit in a web interface > periodically. There's also the mirrors.postgresql.org > subdomain which is handled by a different primary and is > dynamically updated every 15 minutes or so. Even if we left > that as-is, do UltraDNS provide a method to delegate the > subdomain to a different server? I'm *sure* they provide delegation of subdomain, given the customers that they have. AFAIK, UltraDNS is a professional *enterprise* DNS hoster. But I can be wrong on that ;) The more interesting question to ask is do they have an API for dynamically updating the DNS records. (Maybe just dynamic-dns? If security is configure dproperly, that should work, no?) If it's an API we can use, then it can definitly still be a win. //Magnus
> > I'm *sure* they provide delegation of subdomain, given the customers > that they have. AFAIK, UltraDNS is a professional *enterprise* DNS > hoster. But I can be wrong on that ;) > > The more interesting question to ask is do they have an API for > dynamically updating the DNS records. (Maybe just dynamic-dns? If > security is configure dproperly, that should work, no?) If it's an API > we can use, then it can definitly still be a win. If we are seriously interested in this, CMD is a long term customer of theirs. I would be happy to call and see what type of accomodations they would be willing to make for us. Joshua D. Drake > > > //Magnus > > ---------------------------(end of broadcast)--------------------------- > TIP 3: Have you checked our extensive FAQ? > > http://www.postgresql.org/docs/faq > -- === The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL solutions since 1997 http://www.commandprompt.com/
> -----Original Message----- > From: Joshua D. Drake [mailto:jd@commandprompt.com] > Sent: 10 September 2006 21:05 > To: Magnus Hagander > Cc: Dave Page; Robert Treat; pgsql-www@postgresql.org; > josh@agliodbs.com > Subject: Re: [pgsql-www] Who admins DNS? > > > > > I'm *sure* they provide delegation of subdomain, given the customers > > that they have. AFAIK, UltraDNS is a professional *enterprise* DNS > > hoster. But I can be wrong on that ;) > > > > The more interesting question to ask is do they have an API for > > dynamically updating the DNS records. (Maybe just dynamic-dns? If > > security is configure dproperly, that should work, no?) If > it's an API > > we can use, then it can definitly still be a win. Even if they do, it doesn't eliminate the point of failure that went last time - the zone file generation script. > If we are seriously interested in this, CMD is a long term > customer of > theirs. I would be happy to call and see what type of > accomodations they > would be willing to make for us. I don't believe there's any real need thanks. This is the first DNS screw up in over 10 years, and was one I don't expect will be made again. Moving to a whole new provider will undoubtedly cause more pain for little, if any gain. Regards, Dave.
On Sun, Sep 10, 2006 at 09:42:55PM +0200, Magnus Hagander wrote:
>
> The more interesting question to ask is do they have an API for
> dynamically updating the DNS records. (Maybe just dynamic-dns? If
> security is configure dproperly, that should work, no?) If it's an API
> we can use, then it can definitly still be a win.
They do have an API. As it happens, Afilias uses it. I'm under NDA,
so I can't discuss it. I will say that we've been testing an upgrade
of some of our own code against it for over a month, and we're not
there yet. Note that that statement emphatically discloses nothing
about the Neustar Ultra Services (UltraDNS doesn't exist any more)
API. You may draw your own conclusions.
The alternative is to use [A|I]XFR to them. I urge anyone planning
to use that strategy with Neustar Ultra to ask _very careful_
questions before agreeing to their approach to this. Again, I am
under NDA, and not in a position to talk about it. I would urge
people to ask similar careful questions of anyone running BIND or
NSD, too.
If people would like to wait for a short while, I may be able to
provide another option (I'm working on this with my employer right
now) that would run on top level domain infrastructure. The
additional redundancy in this case, after all, would not help (as
many have observed).
A
--
Andrew Sullivan | ajs@crankycanuck.ca
The plural of anecdote is not data.
--Roger Brinner
>If people would like to wait for a short while, I may be able to >provide another option (I'm working on this with my employer right >now) that would run on top level domain infrastructure. The >additional redundancy in this case, after all, would not help (as >many have observed). If we can look forward to some further info and possible help from such DNS experts, I see no reason why we shouldn't wait. So, please let us know when you're there. //Magnus
On Thu, Sep 14, 2006 at 11:29:36AM +0200, Magnus Hagander wrote:
> If we can look forward to some further info and possible help from such
> DNS experts, I see no reason why we shouldn't wait. So, please let us
> know when you're there.
So, I spoke to my boss about this. He is an enthusiastic supporter.
The project, on which I am currently working, involves a new set of
high-availability DNS servers distributed around the world. The
first of them is slated to turn up very late in 2006.
I anticipate that we should be able to offer a secondary master node,
if people would like, some time early in 2007. That is, it would act
as an authoritative master, allowing zone transfers to other slaves
if we desired.
In the meantime, I'm prepared to act as another slave server. The
location I'm thinking of putting it has 30Mb connectivity, 12 hour
battery and on-site generators; but I could put it somewhere with
more bandwidth if people think that'd be necessary.
A
--
Andrew Sullivan | ajs@crankycanuck.ca
Information security isn't a technological problem. It's an economics
problem.
--Bruce Schneier
I as always can spare services and bandwidth and can act as a secondary as well. Please let me know if/how/when to set it up (master server to point at really) if it's wanted. Andrew, can't wait to see what you guys are going to release as far as high-availability DNS is concerned. Gavin On Sep 21, 2006, at 2:17 PM, Andrew Sullivan wrote: > On Thu, Sep 14, 2006 at 11:29:36AM +0200, Magnus Hagander wrote: >> If we can look forward to some further info and possible help from >> such >> DNS experts, I see no reason why we shouldn't wait. So, please let us >> know when you're there. > > So, I spoke to my boss about this. He is an enthusiastic supporter. > > The project, on which I am currently working, involves a new set of > high-availability DNS servers distributed around the world. The > first of them is slated to turn up very late in 2006. > > I anticipate that we should be able to offer a secondary master node, > if people would like, some time early in 2007. That is, it would act > as an authoritative master, allowing zone transfers to other slaves > if we desired. > > In the meantime, I'm prepared to act as another slave server. The > location I'm thinking of putting it has 30Mb connectivity, 12 hour > battery and on-site generators; but I could put it somewhere with > more bandwidth if people think that'd be necessary. > > A > > -- > Andrew Sullivan | ajs@crankycanuck.ca > Information security isn't a technological problem. It's an economics > problem. > --Bruce Schneier > > ---------------------------(end of > broadcast)--------------------------- > TIP 9: In versions below 8.0, the planner will ignore your desire to > choose an index scan if your joining column's datatypes do not > match
>
> In the meantime, I'm prepared to act as another slave server. The
> location I'm thinking of putting it has 30Mb connectivity, 12 hour
> battery and on-site generators; but I could put it somewhere with
> more bandwidth if people think that'd be necessary.
More bandwidth for DNS? Good lord... ;) /me looks at his 50Mb and
natural gas generators (that's right baby... no diesel :))
Joshua D. Drake
>
> A
>
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
On Thu, Sep 21, 2006 at 02:23:32PM -0700, Gavin M. Roy wrote:
> Andrew, can't wait to see what you guys are going to release as far
> as high-availability DNS is concerned.
There Will Be Announcements, but Not Yet :)
A
--
Andrew Sullivan | ajs@crankycanuck.ca
The whole tendency of modern prose is away from concreteness.
--George Orwell
On Thu, 21 Sep 2006, Andrew Sullivan wrote: > On Thu, Sep 14, 2006 at 11:29:36AM +0200, Magnus Hagander wrote: >> If we can look forward to some further info and possible help from such >> DNS experts, I see no reason why we shouldn't wait. So, please let us >> know when you're there. > > So, I spoke to my boss about this. He is an enthusiastic supporter. > > The project, on which I am currently working, involves a new set of > high-availability DNS servers distributed around the world. The > first of them is slated to turn up very late in 2006. > > I anticipate that we should be able to offer a secondary master node, > if people would like, some time early in 2007. That is, it would act > as an authoritative master, allowing zone transfers to other slaves > if we desired. > > In the meantime, I'm prepared to act as another slave server. The > location I'm thinking of putting it has 30Mb connectivity, 12 hour > battery and on-site generators; but I could put it somewhere with > more bandwidth if people think that'd be necessary. Right now, we are up to two in the UK, 3 in the US, 1 in Toronto and 3 in Panama ... not sure where "yet another" would be ideally located ... ---- Marc G. Fournier Hub.Org Networking Services (http://www.hub.org) Email . scrappy@hub.org MSN . scrappy@hub.org Yahoo . yscrappy Skype: hub.org ICQ . 7615664
> > In the meantime, I'm prepared to act as another slave server. > The > > location I'm thinking of putting it has 30Mb connectivity, 12 > hour > > battery and on-site generators; but I could put it somewhere with > more > > bandwidth if people think that'd be necessary. > > Right now, we are up to two in the UK, 3 in the US, 1 in Toronto > and 3 in Panama ... not sure where "yet another" would be ideally > located ... Well, one interesting thing is: are the two UK on the same connection? The 3 US? The 3 panama? Or are they on different providers in said country? Otherwise, just looking at the list, east asia or Australia would be the logical place... //Magnus
> -----Original Message----- > From: pgsql-www-owner@postgresql.org > [mailto:pgsql-www-owner@postgresql.org] On Behalf Of Magnus Hagander > Sent: 22 September 2006 08:25 > To: Marc G. Fournier; Andrew Sullivan > Cc: pgsql-www@postgresql.org > Subject: Re: [pgsql-www] Who admins DNS? > > > > In the meantime, I'm prepared to act as another slave server. > > The > > > location I'm thinking of putting it has 30Mb connectivity, 12 > > hour > > > battery and on-site generators; but I could put it somewhere with > > more > > > bandwidth if people think that'd be necessary. > > > > Right now, we are up to two in the UK, 3 in the US, 1 in Toronto > > and 3 in Panama ... not sure where "yet another" would be ideally > > located ... > > Well, one interesting thing is: are the two UK on the same connection? Nope. Not even the same ISP. /D